[PATCH] ext4: fix race condition between ext4_write and ext4_convert_inline_data


Tadeusz Struk

Jul 12, 2022, 2:15:18 PM7/12/22
to syzbot+2cc95c...@syzkaller.appspotmail.com, syzkaller-a...@googlegroups.com, tadeus...@linaro.org
#syz test: https://android.googlesource.com/kernel/common android12-5.10-lts

diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c
index 6641b74ad462..0f49bf547b84 100644
--- a/fs/ext4/extents.c
+++ b/fs/ext4/extents.c
@@ -4691,16 +4691,17 @@ long ext4_fallocate(struct file *file, int mode, loff_t offset, loff_t len)
return -EOPNOTSUPP;

ext4_fc_start_update(inode);
+ inode_lock(inode);
+ ret = ext4_convert_inline_data(inode);
+ inode_unlock(inode);
+ if (ret)
+ goto exit;

if (mode & FALLOC_FL_PUNCH_HOLE) {
ret = ext4_punch_hole(file, offset, len);
goto exit;
}

- ret = ext4_convert_inline_data(inode);
- if (ret)
- goto exit;
-
if (mode & FALLOC_FL_COLLAPSE_RANGE) {
ret = ext4_collapse_range(file, offset, len);
goto exit;
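Review bot: i_rwsem is dropped right after ext4_convert_inline_data() (the inode_unlock on the third added line), and the FALLOC_FL_PUNCH_HOLE and FALLOC_FL_COLLAPSE_RANGE helpers below re-take the lock on their own, so the conversion and the range operation are not atomic with respect to a concurrent writer; this is only safe if the conversion is one-way (inline data cannot reappear once moved out), and that reasoning should be written down, but this #syz test submission carries no commit message, no reference to the upstream commit it backports, and no Fixes: tag. The log should also note that the conversion now runs for every fallocate mode, including FALLOC_FL_PUNCH_HOLE, which previously did its own conversion inside ext4_punch_hole(), and that on the error path `goto exit` is used rather than `return ret` because ext4_fc_start_update(inode) has already been called two lines above.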
diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
index 72e3f55f1e07..bd0d0a10ca42 100644
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -4042,15 +4042,6 @@ int ext4_punch_hole(struct file *file, loff_t offset, loff_t length)

trace_ext4_punch_hole(inode, offset, length, 0);

- ext4_clear_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA);
- if (ext4_has_inline_data(inode)) {
- down_write(&EXT4_I(inode)->i_mmap_sem);
- ret = ext4_convert_inline_data(inode);
- up_write(&EXT4_I(inode)->i_mmap_sem);
- if (ret)
- return ret;
- }
-
/*
* Write out all dirty pages to avoid race conditions
* Then release them.
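Review bot: the removed block held EXT4_I(inode)->i_mmap_sem for write around ext4_convert_inline_data(), while the replacement call in ext4_fallocate() holds only i_rwsem; the patch should state why i_mmap_sem is no longer required here (that page-fault paths cannot observe a half-converted inode once i_rwsem serialises the conversion), otherwise a reviewer cannot tell whether a lock was dropped deliberately or by accident. The unconditional ext4_clear_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA) is also gone and nothing in this diff re-establishes it, so confirm that ext4_convert_inline_data() clears that state itself on the no-inline-data path. Finally, any caller of ext4_punch_hole() other than ext4_fallocate() would now reach the hole punch with inline data unconverted; the diff does not show that ext4_fallocate() is the only caller, and the commit message should say so.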
--
2.36.1

syzbot

Jul 12, 2022, 2:40:12 PM7/12/22
to syzkaller-a...@googlegroups.com, tadeus...@linaro.org
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+2cc95c...@syzkaller.appspotmail.com

Tested on:

commit: fa7f6a5f Merge branch 'android12-5.10' into branch 'an..
git tree: android12-5.10-lts
console output: https://syzkaller.appspot.com/x/log.txt?x=11e5570c080000
kernel config: https://syzkaller.appspot.com/x/.config?x=70868d9099c5eaf8
dashboard link: https://syzkaller.appspot.com/bug?extid=2cc95c8e803bc7c9e5cb
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=148906e8080000

Note: testing is done by a robot and is best-effort only.

Tadeusz Struk

Jul 12, 2022, 2:55:18 PM7/12/22
to syzbot+6bc6e7...@syzkaller.appspotmail.com, syzkaller-a...@googlegroups.com, tadeus...@linaro.org

syzbot

Jul 12, 2022, 3:12:08 PM7/12/22
to syzkaller-a...@googlegroups.com, tadeus...@linaro.org
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+6bc6e7...@syzkaller.appspotmail.com

Tested on:

commit: fa7f6a5f Merge branch 'android12-5.10' into branch 'an..
git tree: android12-5.10-lts
console output: https://syzkaller.appspot.com/x/log.txt?x=13fdb2d0080000
kernel config: https://syzkaller.appspot.com/x/.config?x=70868d9099c5eaf8
dashboard link: https://syzkaller.appspot.com/bug?extid=6bc6e779d029f0440c75
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=1383ab34080000

Tadeusz Struk

Jul 12, 2022, 3:31:48 PM7/12/22
to syzbot+5a7a00...@syzkaller.appspotmail.com, syzkaller-a...@googlegroups.com, tadeus...@linaro.org
#syz test: https://android.googlesource.com/kernel/common android12-5.4

diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c
index f1bbce4350c4..e8911edf7858 100644
--- a/fs/ext4/extents.c
+++ b/fs/ext4/extents.c
@@ -4932,6 +4932,12 @@ long ext4_fallocate(struct file *file, int mode, loff_t offset, loff_t len)
FALLOC_FL_INSERT_RANGE))
return -EOPNOTSUPP;

+ inode_lock(inode);
+ ret = ext4_convert_inline_data(inode);
+ inode_unlock(inode);
+ if (ret)
+ return ret;
+
if (mode & FALLOC_FL_PUNCH_HOLE)
return ext4_punch_hole(inode, offset, len);
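Review bot: the error path here returns directly (`return ret;`) instead of jumping to an exit label as the 5.10 version does, which is consistent with this hunk showing no ext4_fc_start_update() call before the lock, but the submission should say that this difference from the 5.10 backport is intentional. As with the 5.10 patch there is no commit message, no upstream commit reference and no Fixes: tag, and the same caveat applies: i_rwsem is released before ext4_punch_hole() is entered, so the change depends on the inline-data conversion being irreversible, which is worth one sentence in the log.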

diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
index 1cac574911a7..d8fee911d4f4 100644
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -4322,15 +4322,6 @@ int ext4_punch_hole(struct inode *inode, loff_t offset, loff_t length)
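Review bot: only the hunk header for fs/ext4/inode.c survives in this message; the body that should remove the i_mmap_sem-protected ext4_convert_inline_data() call from ext4_punch_hole() is not shown, so the 5.4 backport cannot be checked against the extents.c half above from this page alone. The header's line count (15 lines down to 6) matches the nine-line removal in the 5.10 patch, but the submitter should repost the full diff.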

syzbot

Jul 15, 2022, 9:42:12 AM7/15/22
to syzkaller-a...@googlegroups.com, tadeus...@linaro.org
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+5a7a00...@syzkaller.appspotmail.com

Tested on:

commit: 330fa791 ANDROID: GKI: Add FCNT KMI symbol list
git tree: android12-5.4
console output: https://syzkaller.appspot.com/x/log.txt?x=1234619a080000
kernel config: https://syzkaller.appspot.com/x/.config?x=fb4ea8006fdc5b09
dashboard link: https://syzkaller.appspot.com/bug?extid=5a7a005b7fb3843f6adc
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=12d3fc44080000